On Fri, 10 May 2024 22:40:30 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> One use case for this method is HPKE key export. Obviously, the exported key > won't have algorithm name being "HPKE". If `Cipher::init` is passed an AES SecretKey, wouldn't the `Cipher::export` return an AES SecretKey? I don't see the case where it is anything but the original key's algorithm. This concern comes from the lack of a requirements on value being an algorithm name, and our provider usage is inconsistent with it to. If my memory is correct, SunJCE requires "AES", but other algorithms we don't. So having the user define this value leaves a grey area where users may enter anything. Or in the worse case, the developer not knowing what the key algorithm is (AES or CC20) and needs to keep track of it. ------------- PR Comment: https://git.openjdk.org/jdk/pull/18409#issuecomment-2105512786
